sw2090
Honored Contributor

FortiExtender in SD-Wan Rule not working

I have this constellation:

FGT100E with a FEX connected to it via capwap.

FGT has authorized the FEX and added a device for it.

All wans plus FEX are members of sd-wan. All wans except FEX are part of SD-WAN health check.

I kept FEX out because it should do dial on demand and I don't want it to connect every few minutes due to the health check.

SDWAN has this setup:

rule #1: use WAN1 and WAN2 for all to all with maximize bandwidth and two sla targets.

rule #2: use the other wan port for all to all with maximize bandwidth and two sla targets.

rule #3: use the FEX for all to all with mode manual.

FEX is set to dial on demand and the LTE Connection does establish if I set it to connect permanently.

So in normal state traffic to the internet hits sdwan rule #1.

If I disconnect WAN1 and WAN2 it switches to rule #2 - good

If I disconnect all wans except the FEX - no more internet at all. FEX stays disconnected.

Additionally the SD-WAN Monitor on the 100E keeps telling me "link error" on the FEX interface.

But the FEX is there in Network->FortiExtender and it can be configured and monitored there correctly.

So something seems to prevent sd-wan from correctly detecting that the fex interface is up.

Does anyone have any hint what that could be?


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

1 REPLY
sw2090

After an upgrade to 6.4.6 it didn't get any better. In fact it got worse.

After the upgrade (which threw no errors) sd-wan seemed not to work properly anymore.

The same settings and rules that worked well in 6.2 now caused internet to slow down and downloads to get stuck and ssh tunnels to rapidly disconnect.

I finally brought sd-wan back to normal behaviour when I deactivated all sd-wan rules so only the implicit default loadbalancing rule is still active. This renders the loadbalancer rather useless and makes the fallback I wanted impossible...

I also opened another ticket with TAC on this.

